Re: [Duplicity-talk] Manifest stores SHA1 hash of files, checked before restore?

[Chris Poole]

On Mon, Jul 18, 2011 at 3:58 PM,  <address@hidden> wrote:

> to determine if they are synchronized already. the local archive cache is
> unencrypted manifests of the remote location. but i am not sure if this is
> what you asked. what is this in 'this doesn't happen'.

The way I understood it was that the manifest file and/or signature file (?) is
stored, encrypted, on the remote host. Locally, the same file is stored
unencrypted in Duplicity's cache file, to save having to fetch and process it
with each backup.

In the past when I've encrypted but not signed, I haven't been prompted for my
passphrase, so no decryption of this file has occured. Duplicity has obviously
found that the local cache is OK, so used that to assemble the next incremental
backup.

Now, with using a signing key too, I get asked for my passphrase immedately
after starting an incremental backup, suggesting to me that Duplicity is pulling
and decrypting the remote manifest and/or signature file. It doesn't need to
do any decryption, otherwise it would have been doing this all along, so I'm not
sure why it's being asked for. Perhaps I've misunderstood Duplicity's operation
or logic, though.

> please do, also i proposed a patch which introduces a --encrypt-sign-key 
> switch and reuses the passphrase if sign key is also one of the encryption 
> keys
> see http://bazaar.launchpad.net/~ed.so/duplicity/encr-sign-key2/revision/762

I got gpg-agent working fine (see below), which sorts this issue for me. I'll
still file the bug though, as I firmly believe in the unix philosophy of "don't
treat me stupid", and entering the passphrase twice seems daft.

> please post an private data obfuscated shell output showing gpg-agent and 
> duplicity -v9 call.

Something strange must have been going on with my shell session; I restarted for
something else, and it works fine now. Thanks for the help.

Cheers


Chris Poole
[PGP BAD246F9]